[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_bind: Can't contact LDAP server(multithreaded ldap client)

On Mon, 2 Jun 2008, Rakesh Yadav wrote:
I have written a library using LDAP client API's according to my requirement. I m having RPC clients and a RPC server. This RPC server is multithreaded and uses the library which is written using LDAP client api.

The problem is :

1. I have open a single connection with LDAP server and passed the
   global LDAP * ptr to all my library calls, And i sended a search
   request from rpc client in a loop, it works and gives the result but
   as i run second request for reading data from rpc server then i get
   error from LDAP server "*Broken pipe*".

With libldap, LDAP handles do not support concurrent use. You can use a given handle from multiple threads, but only by one at a time.

Now, libldap_r does support concurrent LDAP handle use in multiple threads, but the processing of replies is effectively single-threaded: if N threads are waiting in ldap_result() for particular responses, none will return until the response is received that is needed by the first thread to call ldap_result(). This is probably not the behavior you want.

2. Then i have decided i will use seprate connection with LDAP for each
   thread and use a local LDAP *ptr for thread.  This time multiple
   requests from rpc client works for 2-3 minutes after that it also
   gives error.  "*ldap_bind :Can't contact LDAP server*"
   In this case i opened and closed a connection with LDAP server for
   each thread.

That's the method I recommend. There are two things you need to ensure:

1) you must compile libldap with whatever compiler flags are needed to
   make the code thread-safe, such as using the per-thread errno.

2) if using TLS/SSL (whether via ldaps or StartTLS), then you need to
   compile your SSL library to be thread-safe *and* make whatever
   setup calls are necessary

For example, with OpenSSL you need to call CRYPTO_set_locking_callback() and probably CRYPTO_set_id_callback() too. You may also need to call the CRYPTO_set_dynlock_*_callback() functions; the OpenSSL docs aren't very clear on the subject...

Philip Guenther